<%@ page import="java.sql.Connection" %>
<%@ page import="com.example.javaee.DB" %>
<%@ page import="java.sql.PreparedStatement" %>
<%@ page import="java.sql.ResultSet" %><%

    String username = request.getParameter("username");
    String password = request.getParameter("password");

    Connection connection = DB.getConnection();
    String sqlSelect = "SELECT * FROM db_user.user WHERE username = ? AND password = MD5(?)";
    PreparedStatement preparedStatementSelect = connection.prepareStatement(sqlSelect);
    preparedStatementSelect.setString(1, username);
    preparedStatementSelect.setString(2, password);
    ResultSet resultSet = preparedStatementSelect.executeQuery();
    if (resultSet.next()) {

    } else {
        request.setAttribute("message", "Invalid username or password.");
        request.getRequestDispatcher("index.jsp").forward(request, response);
    }

%>